Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux Kernel CIFS Vulnerability

From: Eugene Teo <eugeneteo () kernel sg>
Date: Tue, 14 Apr 2009 11:53:01 +0800
Hi Andreas,

On Tue, Apr 14, 2009 at 2:22 AM, Andreas Bogk <andreas () andreas org> wrote:

Eugene Teo schrieb:

Btw, Linux distributors only send out an advisory if they have fixed
something. As for the CIFS vulnerability, as Marcus has mentioned, a
fix is still being worked on. You can keep track of the progress here:
http://thread.gmane.org/gmane.comp.security.oss.general/1620/focus=1629


I take back what I said about the vendors, this seems to be a reasonable
way to handle the issue.  I'm still shaking my head about the kernel


Thanks.


maintainers, though.


I have seen genuine cases where some developers themselves do not know
the security consequences of the bugs they fixed. But of course, I
have also seen the very obvious ones that were fixed silently. Sadly,
it is not an easy problem to solve, but the situation can improve[1].

[1]http://oss-security.openwall.org/wiki/mailing-lists/oss-security

Eugene
--
http://www.kernel.sg/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: